IJEME Vol. 15, No. 2, 8 Apr. 2025
Cover page and Table of Contents: PDF (size: 633KB)
PDF (633KB), PP.1-10
Views: 0 Downloads: 0
Data Leakage, Cyber Security, Cyber Resilience, Personal Data
Data leakage is the deliberate or accidental transfer of data of institutions or individuals to a different source. Especially, with the increasing use of IT assets after the pandemic, data leaks are more common. Firewalls, anti-virus software, Intrusion Prevention Systems (IPS), or Intrusion Detection Systems (IDS) products are preferred within the network to ensure the security of data sources. However, this type of security software works server-based and often protects the network from outside attacks. It is seen that the main source of data leaks experienced recently is internal vulnerabilities. Data Loss Prevention (DLP), which is the right choice for preventing data leaks, is a system developed to identify, monitor, and protect data in motion or stored in a database. DLPs are preferred to prevent unauthorized distribution of data at the source. DLP software is recommended for technical measures against data security, especially the Personal Data Protection Law (KVKK) in Turkey and General Data Protection Regulation (GDPR) in the European Union.
Test virtual machines were set up for implementation in real-world scenarios and using personal and corporate data, the behavior and durability of DLP software in cases of unauthorized data upload to USB, CD/DVD, cloud resources, office software, e-mail or ftp server were evaluated. It was observed that potential leaks and risks occur in data discovery, data masking, data hiding and data encryption according to the data density in data leakage prevention.
Ahmet Ali Süzen, Osman Ceylan, "Robustness Assessment of Data Loss Prevention (DLP) Software for Data Leakage against Different Data Types and Sources", International Journal of Education and Management Engineering (IJEME), Vol.15, No.2, pp. 1-10, 2025. DOI:10.5815/ijeme.2025.02.01
[1]Molitor, D., Saharia, A., Raghupathi, V., & Raghupathi, W. (2024). Exploring the Characteristics of Data Breaches: A Descriptive Analytic Study. Journal of Information Security, 15(2), 168-195.
[2]Kayser, C. S., Back, S., & Toro-Alvarez, M. M. (2024). Identity Theft: The Importance of Prosecuting on Behalf of Victims. Laws, 13(6), 68.
[3]ITRC (2023). Consumer Impact Report 2023, Identity Theft Resoruce Centre.
[4]AL-Hawamleh, A. M. (2023). Predictions of cybersecurity experts on future cyber-attacks and related cybersecurity measures. momentum, 3(14), 15.
[5]Pimenta Rodrigues, G. A., Marques Serrano, A. L., Lopes Espiñeira Lemos, A. N., Canedo, E. D., Mendonça, F. L. L. D., de Oliveira Albuquerque, R., ... & García Villalba, L. J. (2024). Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review Data, 9(2), 27.
[6]Neri, M., Niccolini, F., & Martino, L. (2024). Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment. Information & Computer Security, 32(1), 38-52.
[7]IBM Corporation (2024). Cost of Data Breach Report 2024. https://table.media/wp-content/uploads/2024/07/30132828/Cost-of-a-Data-Breach-Report-2024.pdf
[8]Global Report (2023). 2023 Cost of Insider Risks Global Report. The Global Leader for Insider Risk Management. Ponemon Institute. https://www2.dtexsystems.com/l/464342/2023-09-15/3w7l7k/464342/1694800570ZwvyrzsD/2023_Cost_of_Insider_Risks_Global_Report___Ponemon_and_DTEX___Dgtl.pdf
[9]GDPR, G. D. P. R. (2016). General data protection regulation. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
[10]Papadimitriou, P., & Garcia-Molina, H. (2010). Data leakage detection. IEEE Transactions on knowledge and data engineering, 23(1), 51-63.
[11]Alneyadi, S., Sithirasenan, E., & Muthukkumarasamy, V. (2016). A survey on data leakage prevention systems. Journal of Network and Computer Applications, 62, 137-152.
[12]Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020, May). Healthcare data breaches: insights and implications. In Healthcare (Vol. 8, No. 2, p. 133). MDPI.
[13]Carlini, N., Hayes, J., Nasr, M., Jagielski, M., Sehwag, V., Tramer, F., ... & Wallace, E. (2023). Extracting training data from diffusion models. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 5253-5270).
[14]Herrera Montano, I., García Aranda, J. J., Ramos Diaz, J., Molina Cardín, S., De la Torre Díez, I., & Rodrigues, J. J. (2022). Survey of Techniques on Data Leakage Protection and Methods to address the Insider threat. Cluster Computing, 25(6), 4289-4302.
[15]Syarova, S., Toleva-Stoimenova, S., Kirkov, A., Petkov, S., & Traykov, K. (2024, June). Data Leakage Prevention and Detection in Digital Configurations: А Survey. In Environment. Technologies. Resources. Proceedings of the international scientific and practical conference (Vol. 2, pp. 253-258).
[16]Domnik, J., & Holland, A. (2024). On Data Leakage Prevention Maturity: Adapting the C2M2 Framework. Journal of Cybersecurity and Privacy, 4(2), 167-195.
[17]Gupta, I., Mittal, S., Tiwari, A., Agarwal, P., & Singh, A. K. (2022). TIDF-DLPM: Term and inverse document frequency based data leakage prevention model. arXiv preprint arXiv:2203.05367.
[18]Mohd, N., & Yunos, Z. (2020, June). Mitigating Insider Threats: A Case Study of Data Leak Prevention. In European Conference on Cyber Warfare and Security (pp. 599-605). Academic Conferences International Limited.
[19]Alhindi, H., Traore, I., & Woungang, I. (2021). Preventing data leak through semantic analysis. Internet of Things, 14, 100073.
[20]Nayak, S. K., & Ojha, A. C. (2020). Data leakage detection and prevention: Review and research directions. Machine Learning and Information Processing: Proceedings of ICMLIP 2019, 203-212.
[21]Braghin, S., Simioni, M., & Sinn, M. (2022, June). DLPFS: The Data Leakage Prevention FileSystem. In International Conference on Applied Cryptography and Network Security (pp. 380-397). Cham: Springer International Publishing.
[22]Alsuwaie, M. A., Habibnia, B., & Gladyshev, P. (2021, November). Data Leakage Prevention Adoption Model & DLP Maturity Level Assessment. In 2021 International Symposium on Computer Science and Intelligent Controls (ISCSIC) (pp. 396-405). IEEE.
[23]Dominguez, R. (2022). Next-generation encryption protocols for cloud data protection in Fintech environments. Technology (IJRCAIT), 2(2).
[24]Access Link: https://www.acronis.com/en-us/products/cloud/cyber-protect/data-loss-prevention/ Access Date: 08.07.2024
[25]Access Link: https://clevercontrol.com/ Access Date: 12.07.2024
[26]Access Link: https://www.code42.com/solutions/data-loss-prevention/ Access Date: 15.07.2024
[27]Access Link: https://www.endpointprotector.com/solutions/data-loss-prevention Access Date: 20.07.2024
[28]Access Link: https://www.cyberhaven.com/product/data-loss-prevention Access Date: 23.07.2024
[29]Access Link: https://www.digitalguardian.com/solutions/data-loss-prevention Access Date: 28.07.2024
[30]Access Link: https://www.forcepoint.com/product/dlp-data-loss-prevention Access Date: 02.08.2024
[31]Access Link: https://www.microsoft.com/tr-tr/security/business/information-protection/microsoft-purview-data-loss-prevention Access Date: 08.08.2024
[32]Access Link: https://www.proofpoint.com/us/resources/data-sheets/enterprise-data-loss-prevention Access Date: 12.08.2024
[33]Access Link: https://www.safetica.com/solutions-data-loss-prevention Access Date: 16.08.2024
[34]Access Link: https://sympro.net/data-loss-prevention-dlp/ Access Date: 19.08.2024
[35]Access Link: https://www.teramind.co/solutions/dlp-data-loss-prevention/ Access Date: 23.08.2024
[36]Access Link: https://www.trellix.com/products/dlp/ Access Date: 27.08.2024
[37]Access Link: https://www.trendmicro.com/en_no/business.html Access Date: 30.08.2024
[38]Access Link: https://www.crypttech.com/tr/products/vatos-dlp/ Access Date: 01.07.2024
[39]Access Link: https://veriato.com/ebooks-whitepapers/evolution-of-dlp/ Access Date: 05.07.2024